Civil Servant Watching Porn At Work Blamed For Government Malware Outbreak (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: A U.S. government network was infected with malware thanks to one employee's "extensive history" of watching porn on his work computer, investigators have found. The audit, carried out by the U.S. Department of the Interior's inspector general, found that a U.S. Geological Survey (USGS) network at the EROS Center, a satellite imaging facility in South Dakota, was infected after an unnamed employee visited thousands of porn pages that contained malware, which downloaded to his laptop and "exploited the USGS' network." Investigators found that many of the porn images were "subsequently saved to an unauthorized USB device and personal Android cell phone," which was connected to the employee's government-issued computer. Investigators found that his Android cell phone "was also infected with malware." The findings were made public in a report earlier this month but buried on the U.S. government's oversight website and went largely unreported.
The jokes write themselves!
Wanna bet it was Windows based?
Custom electronics and digital signage for your business: www.evcircuits.com
He got a promotion. It's not like they fire employees.
The porn-watcher might have been the patient-zero of this outbreak, but I think as much if not more blame needs be laid at the feet of the IT staff that allowed the malware to get as far as it did. Limit user privileges, lock down access ports and use secure operating systems and the damage would not have been as severe; it might only have been limited to that single user's machine.
But that sort of thinking would require a costly revamping of the entire computer infrastructure, so better to put the blame on a single user, who could just as easily have gotten the malware from an ad on a perfectly legitimate site. Fortunately, he was viewing porn (naked bodies entwined together! The most evil threat America has ever faced!) so it's easy to throw him to the wolves.
If you work computer security for any company of decent size, you're gonna discover someone surfing porn. Most times we give folks the benefit of a doubt the 1st time in case it's some porn ad something on an otherwise "okay" site (gray, but not really a policy violation), but once a pattern of porn surfing is discovered, it usually results in someone getting written up, potentially ending with them losing their job.
Don't do this at work. You're not on your personal computer, it could be a shared computer (ewwww), and it's not your network. There's always someone watching to the benefit of the company, not you. It makes for an awful work environment for the people in the office, and can bring in malware. There's a joke I heard, of people clicking on the Yes/Accept/Install buttons ... "do I have porn yet?" [click] "do I have porn yet?" [click]. Lots of malware comes down in the form of a "video codec" or plugin you need to watch the media. It's just awful.
da w00t. mtfnpy?
"The EROS Center..." Oh, can irony get any better than this??!!
Wanna bet that since the person is a civil servant, that even after being caught, will still NOT be able to be fired?
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
But this dude apparently thought he worked for the United States Gynecological Survey.
#DeleteChrome
Wanna bet that he will be? You need a scapegoat after something like that, after all, and he's neither a politician nor a CEO.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
In my experience (with more than a decade in IT security), the weakest link is that CEO secretary that curiously needs to bypass the corporate content filter and also needs for some godawful reason admin access on her PC, despite the fact that she can't turn on the machine without causing a security incident.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
And just how many people is that, precisely? 20? 50? 100? 1000?
File under 'M' for 'Manic ranting'
I am seriously considering the option of becoming a public servant and this information seems quite useful. Note to myself: when visiting porn sites at work, never download anything! LOL.
Seriously, who downloads an executable from a porn site?! Part of the pathetically-nonsensical spam I am getting lately includes pretty crappy messages saying that I have to pay because they have recorded me watching porn? That otherwise they would destroy my reputation!! (I guess that they are planning to firstly build me a good reputation. LOL). By ignoring its overall nonsensical essence ("you can increase your available time by writing ++ in the calculator of your computer"!!), the first idea coming to my mind was precisely why would anyone download a piece of malware (not a video) from a porn site with the huge number of available alternatives where you don't need to do anything of this sort? I mean... this is at least what someone from my church told me. LOL.
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
So now slashdot has brought it to the front to publicly shame the individual?
You must be new here...
"Don't meddle in the affairs of a patent dragon, for thou art tasty and good with ketchup." ~ohcrapitssteve
And just how many people is that, precisely? 20? 50? 100? 1000?
2.
Wanna bet they used IE 6 on XP to support some gawd-awful "legacy system" built by a low bidder back in the 90's?
I am not your blowing wind, I am the lightning.
or other non job web use.
Like, oh, say, Slashdot?
I am not your blowing wind, I am the lightning.
"I'd like to share a revelation that I've had during my time here. It came to me when I tried to classify your species and I realized that you're not actually mammals. Every mammal on this planet instinctively develops a natural equilibrium with the surrounding environment but you humans do not. You move to an area and you multiply and multiply until every natural resource is consumed and the only way you can survive is to spread to another area. There is another organism on this planet that follows the same pattern. Do you know what it is? A virus. Human beings are a disease, a cancer of this planet. You're a plague and we are the cure."
Surely his computer was running Qubes OS (or something similar), with the USB ports disabled. If this wasn't the case, why not?
What else is there to do in South Dakota?
This is why you don't make all government computers openly connect to one another, or else some jerk-off (being literal here) infects your military/etc through some gardening branch of government.
There are people out there who watch porn. I don't mean rub one out and close the window. No, they watch for hours and hours. They get addicted. They can't stop. Watching at work? Of course. Alcoholics drink at work, drug addicts are high at work, why wouldn't porn addicts watch porn at work?
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Now if they are stuck on some old IE ActiveX software then users may need admin to get work done.
"Investigators recommended that USGS enforce a “strong blacklist policy” of known unauthorized websites and “regularly monitor employee web usage history.”"
WHITELIST FFS. Not perfect but infinitely better than a blacklist, also known as whack-a-mole.
A reasonable amount of non-work at work makes the employees more content, and content workers are usually a plus.
It should of course be reasonable, but if you expect people to work like slaves for hours straight with no amount of non-work activity interspersed, expect malcontents and burn-outs.
Fifteen minutes of shopping or news reading or something a couple of times a day might be acceptable. Hours on end, not so much.
But, Oh noes! The BOGEY-MAN PORN is to blame. What a crock! How do you know it wasn't from sports sites, shopping sites, joke sites, running your mouth sites? No, it has to be the BOGEY-MAN PORN!
The #MeToo movement is a collective witch-hunt that is not interested in justice for those legitimately wronged (which there are a lot of), they are only interested in using sex as a weapon to seize more and more power for ineffectual, weak, dictator wannabes!
Just because the idiot is a government employee doesn't make him any worse than the millions of employees in corporations and schools who also watch porn. I agree the network should be more locked down, but that assumes one is able to hire higher quality sysadmins, and most likely the gov't can't afford to pay them. (remember, our current fearless leader thinks we ought to reduce the size of our federal government.)
Well we know his infected phone was Linux based, what's your point?
Would ad blocker plug-ins have prevented this?
Most times we give folks the benefit of a doubt the 1st time in case it's some porn ad something on an otherwise "okay" site (gray, but not really a policy violation)
Had that happen to me once, but it wasn't a bad ad but a bad search result. Was looking for how to solve some SQL Server issue, clicked on a link that looked like it had relevant info, but nope, porn site. My boss was behind me and saw it and asked what I was doing. I explained to her the problem I was working on, showed the search result page with the relevant search result I clicked on, and then showed that it went to the porn site instead. Thankfully it was at a small company so there was not an HR battle to be had.
Time to offend someone
He's helping pay for repairing potholes and clearing snow from streets . . .
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
So now slashdot has brought it to the front to publicly shame the individual?
Trial by media... shame on you slashdot.
Welcome to the Internet. Have a good time!
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
LOL, and that is why I do all of my porn watching on a FreeBSD VM with a locked down Firefox which doesn't allow scripts or plugins.
No way in hell I trust a bloody porn site to not be infested with malicious shit.
YouDaRealMVP.jpg
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
And just how many people is that, precisely? 20? 50? 100? 1000?
I really don't see how that is relevant, do you expect me to quote a scientific study that shows MTTP (mean time to pr0n)? "decent size" was very obviously a generalization.
da w00t. mtfnpy?
Seriously?
My base perspective is...the idiot is getting paid by MY (and your) tax dollars, and I'm guessing the job description says nothing about surfing porn on the federal dollar?
Are you telling me that someone that did this very same thing in the private sector wouldn't be canned in a New York minute??
Seriously...are you saying you think it is acceptable to surf porn at work?
Sure, better security, that's a given, but you think this person should not be held directly responsible for doing something that EVERYONE knows they are not supposed to do at work on the clock on work computers.
Hell, government computers come with all kinds of warnings the second you try to log onto them, it isn't like anyone on a federal computer wouldn't know this is a forbidden thing to do.....
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
This is, sadly, all too common.
Fully licensed blockchain psychiatrist
Nope.
And even if I were...it isn't pr0n.
And, work policies allow for some personal web time during the work day, as long as it isn't against company policies such as viewing pr0n, etc.
Most workplaces allow some personal computer time, but I don't know of any that allow pr0n surfing on the clock on work equipment...save maybe at FB searching for bad content to remove.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Of course he was watching porn! He worked at the EROS center!
I was simply curious as to whether or not the places I have worked in the past decade may not be large enough, or if your generalization of "any company" was, in fact, an overgeneralization.
File under 'M' for 'Manic ranting'
Jeesh - can't our government use a firewall with content filtering???
Greed is the root of all evil.
Old IT admin here. We had a user that was not only downloading gigs at work to his work laptop, he was also using his processor at 100% for 8 hours a day. When we investigated, he was downloading gigs of regular porn and using his work computer to process them into "3D" like google street view. ALL DAY for weeks until we noticed. Dude got shit canned real fast. Higher ups just wanted to know if it was ALSO anything illegal. Got paid to watch his 3D porn for "research"
If it ain't broke don't fix it, but broke is highly subjective. It might happen slowly, but at some point the reliance on outdated, unsupported, insecure tech crosses the threshold into broke territory, and your frog gets boiled.
I am not your blowing wind, I am the lightning.
but I don't know of any that allow pr0n surfing on the clock on work equipment...
My old boss just told me to - Put it on the server and send me a link.
They can have my command prompt when they pry it from my cold dead fingers.
With less than a 2% usage rate for Linux on total desktops out there (quick Google search), there is little doubt it was Windows.
For this to occur, there couldn't have been a firewall with content filtering, anti-virus, or likely even a patch management policy.
For gross network security management negligence like this, any operating system would likely have been compromised.
Greed is the root of all evil.
Android is not Windows based, you idiot, or are you trolling and leaving key information out?
Securing hosts from other, rogue hosts doesn't do much to protect them if the attack vector is a rogue user.
This is a data management agency and if you compromise the right user's devices those devices can be used to launch attacks on many hosts.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
That's all true but an addict should know the difference between cellular data and company wifi.
If he had so much time to surf porn at work, and none of his superiors noticed, clearly they should have all been part of that reduction of government.
Just because you disagree doesn't mean it's not true.
It was a ghost!
Clearly at $3t and with its ability to afford to pay people to watch porn, it needs to be reduced. He was stealing from tax payers.
Most government entities don't have a clue on their network infrastructure let alone on locking the computers down. Too many different standards and different ways their networks are built. Guess how many system admins come and go over the years without an ounce of documentation. Router passwords changed and no one seems to know them. Since no one bothered to enforce industry standards of best practices this is what got them.
Best they could do in the interim is enforce policy rules on the firewall to disallow porn sites and block unauthorized VPN connections (this can be done via the application level on the firewall). Also keep an eye on access logs and fetch keywords. That neither one of them is used is a sign of lazy admins.
My base perspective is...the idiot is getting paid by MY (and your) tax dollars, and I'm guessing the job description says nothing about surfing porn on the federal dollar?
Maybe he was working on a government study of Pr0N use when monkeys are given a computer. It could happen, I have seen governments study stupider stuff.
No matter where you go, there you are.
Many security experts say the weakest link is the employee who does stupid things. But let's also consider the amount of wasted time as well. If it's not porn, it's shopping, social sites, or other non job web use
Two points to that.
One, shopping sites (at least such as Amazon and the like) in my experience actually have far more benefits than not to allow.
I commonly see and hear of people doing their grocery shopping on their 3pm break to line up with 2 hour prime delivery for when they get home.
Those who have managers that disallow it have a *far* higher rate of requests to leave a full hour early to do the same shopping physically.
That's the difference between a quarter sized chunk of time the employee is legally entitled to not working during, vs a full hour of pay adjustment with lack of that hour's productivity.
Other than that one item on your list however I do agree the rest are at best huge time wasters and at worst an infection method and workplace disruption.
The second point however is a bit more general. While there are certainly technical steps one can take to at least protect from malware and known bad websites, for the most part such time wasters (think social media) are by far more of a people problem than a technical one, and need to be solved accordingly.
Locking things down does have an effect on morale to people who can act like adults and behave themselves. This is harder to measure but does exist, and at the end of the day it comes at the cost of attempting and ultimately failing to punish the time waster with ineffective technical means.
Ever hear the old "standing around the water cooler telling hour long stories" meme?
That's the thing, time wasters will always find a way to waste time, and it doesn't need to be by technical means.
This is a problem with the person that needs addressed, not with the technology we run.
If a person is not putting in the hours they are being paid for, that is the problem, no matter the reason for it.
If a person is paid for an end result and not delivering, that is the problem, no matter the reason for it.
This is true no matter if it's wasting time on facebook or wasting time hovering around the break room water cooler, and that fact alone shows this isn't an IT/technical problem to fix.
Spending IT time and resources fixing one tiny avenue of wasting time will not fix all the other ways to do it, and will not fix the problem which is the person wasting time. It simply costs more for nearly zero benefit.
Food for thought.
The Android seems to have been a carrier of the data. Not how the Windows host got infected, as far as I know there isn't any malware that infects both Android and Windows
Custom electronics and digital signage for your business: www.evcircuits.com
At least he was doing something, which is more than you can say for most Federal workers.
Old IT admin here but also knowledgeable about legal frameworks. You shouldn't be investigating anyone for anything illegal, you don't have the knowledge, legal standing or tools for proper forensic examination. If you did find something, the evidence would be declared botched by any first year attorney and a mistrial would be declared, you may even become liable yourself.
If your employer wants to know if your employee did something illegal, get the right people involved to do the right kind of investigation. That means third party or police/government agency.
Custom electronics and digital signage for your business: www.evcircuits.com
With that in mind, let me say that the duly appointed sysadmin or anyone from the IT staff can look at things without it being considered to "taint" evidence, otherwise we'd never be able to convict the sick (and stupid) people who take their computer into Best Buy for repair while leaving a folder full of child pornography.
What I was taught in school, and instructed to do at several jobs (including one internship at the provincial gov't level) was this: Do your job, which may include examining data a user has stored on their work issued equipment. IF you see anything that you think is illegal or even questionable, tell the boss and call the cops. Do not touch the machine any further. Do not even shut it down. The boss will then see to it that physical access to the device is restricted and the police will show up to handle the disconnection from the network and possible shut down. (did you know the police actually have a device that lets them fake a network connection and keep a desktop machine fully powered while driving it across town? I found the bit where they slipped a probe between plug and outlet to seamlessly transfer power source from wall to battery pack particularly fascinating).
The reason for this policy is three fold:
1) A lot of successful prosecutions, especially for illegal porn, rely on happen-stance. A tech stumbling over something, a creep forgets to log out and his wife finds it, whatever. As long as the discoverer can swear in court that they just stumbled across it and did nothing that would alter the data, then the data is still admissible.
2) The police just do NOT have the manpower to handle every "we fired John for surfing porn at work, can you come and check his machine to see if he did anything illegal as well?"
3) The report of the discoverer is often the basis for probable cause and issuance of a warrant. If I didn't tell the police I saw something off, they would have no legal basis from which to proceed with an investigation.
One last thought: Even if a guy does surf or create child porn on the work issued equipment, while sufficient for conviction, it may not always be the sole source of such evidence. Anyone making illegal porn on a work machine probably has more of it on his personal machine back home as well. (pedos are also notorious for amassing large collections) Thus, even if the evidence I uncover is not enough to convict on its own, it's still enough to justify warrants and investigation to collect more, better quality evidence.
I need a wheelchair van for my son. Help me get the word out. https://www.gofundme.com/wheelchair-van-for-jj
Yes, I agree, you can "stumble across" something but you can't go out and hunt for evidence. If your company is truly worried but has no sufficient proof, get a professional third party forensic investigator (and an attorney to give you advice). Otherwise it's just a suspicion/allegation/gut feeling but in many cases you can't just go out and look for something you suspect.
I had something similar fairly recently (allegations of sexual harassment with HR-goons subsequently botching the thing) and the CIO simply searched employee email to "resolve" the issue. A civil case ensued and the judge ruled that the company didn't have a clear enough policy on searching email (which just stated "we can search your email" somewhere deep in a trail of related IT policies) and violated the expectation of privacy of those involved.
Custom electronics and digital signage for your business: www.evcircuits.com
Presumably he got an Android virus doing stupid shit on his Android phone, and got a Windows virus because he was doing stupid shit on his desktop.
OMG, it wasn't a contractor? Seriously, this is typical government workforce in the US.
Just another day in Paradise